Rapid7 Blog

Zero-day

Time to chalk up one more victory for the forces of goodness and light in our struggle against secret 0-day.Java 0-Day Exploit ShippedIf you pay any attention at all to the usual security news, you will have certainly already heard about how Accuvant's Josh…

On late Sunday night, the Metasploit Exploit team was looking for kicks, and heard the word on the street that someone was passing around a reliable Java 0-day exploit. Big thanks to Joshua J. Drake (jduck), we got our hands on that PoC, and then…

Ever since the first sightings of a new zero-day attack (CVE-2012-0779) on Adobe Flash last month, the exact path of exploitation has been somewhat of a mystery. The attacks were specifically targeted against defense contractors and other victims as part of a spear phishing attack,…

This week's release sees a quiet vulnerability fix, an exploit against an unpatched vulnerability in Microsoft's XML Core Services, and some helpful new/old commands, as well as the usual pile of exploity goodness you've come to expect from the Metasploit kitchen.Vulnerabilities? In My…

We've been noticing a lot of exploit activities against Microsoft vulnerabilities lately. We decided to look into some of these attacks, and released two modules for CVE-2012-1889 and CVE-2012-1875 within a week of the vulnerabilities' publication for our users to test their systems. Please note…

Microsoft Security Intelligence Report Volume 11 for the first half of 2011 offers solid evidence to support what security researchers have been shouting feverishly for the last year. This is just more data to confirm that zero-day attacks – while they can certainly cause damage…